Merge pull request #563 from ecsv/batadv-for-19.07

openwrt-19.07: batman-adv: Merge bugfixes from 2020.1
2020-04-27 10:25:41 +02:00 · 2020-04-27 10:25:41 +02:00 · 9b42e24a54
parent 20b98f094e 5dd2f44a5b
commit 9b42e24a54
8 changed files with 216 additions and 4 deletions
--- a/batctl/Makefile
+++ b/batctl/Makefile
@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=batctl

 PKG_VERSION:=2019.2
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 PKG_HASH:=fb656208ff7d4cd8b1b422f60c9e6d8747302a347cbf6c199d7afa9b80f80ea3

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
--- a/batctl/patches/0005-batctl-Prefer-netlink-hardif-status-retrieval-over-s.patch
+++ b/batctl/patches/0005-batctl-Prefer-netlink-hardif-status-retrieval-over-s.patch
@ -16,10 +16,10 @@ sysfs.
 Reported-by: Linus Lüssing <linus.luessing@c0d3.blue>
 Signed-off-by: Sven Eckelmann <sven@narfation.org>

-Origin: upstream, https://git.open-mesh.org/batctl.git/commit/
+Origin: upstream, https://git.open-mesh.org/batctl.git/commit/ce5f0efb35bff8a80992df63876bcac1d4a94867

 diff --git a/interface.c b/interface.c
-index 19e6670b45d1bd2dd65c8fbb47eb85361e8c4d26..c2bfc7402aece61be37a71730745c47ad56e2af4 100644
+index 5ff25a7b790d68aa69155f0cc7661080145ac86e..0a694c9f41f71a3dd72ae87b79b28434f7e8918f 100644
 --- a/interface.c
 +++ b/interface.c
@@ -67,18 +67,18 @@ static int get_iface_status_netlink_parse(struct nl_msg *msg, void *arg)
--- a/batctl/patches/0006-batctl-Return-EXIT_FAILURE-when-throughputmeter-fail.patch
+++ b/batctl/patches/0006-batctl-Return-EXIT_FAILURE-when-throughputmeter-fail.patch
@ -0,0 +1,37 @@
+From: Leonardo Mörlein <me@irrelefant.net>
+Date: Wed, 8 Apr 2020 23:49:03 +0200
+Subject: batctl: Return EXIT_FAILURE when throughputmeter failed
+
+The command returned a success even an error was shown during the
+execution.
+
+  $ (sudo batctl tp 77:77:77:77:77:77 && echo true) || echo false
+  Destination unreachable
+  true
+
+Instead it should indicate a failure when the kernel replied with a
+non-success return_value:
+
+  $ (sudo ./batctl tp 77:77:77:77:77:77 && echo true) || echo false
+  Destination unreachable
+  false
+
+Fixes: f109b3473f86 ("batctl: introduce throughput meter support")
+Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
+[sven@narfation.org: adjusted commit message]
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batctl.git/commit/df8bf5164b6904f61ae0b0db090fb5bb41b4f06d
+
+diff --git a/throughputmeter.c b/throughputmeter.c
+index f9d98cfcac86d7a9398e2adddd143924b38e50b0..f19d4891981c99b7b9f3fae39c8d59f549243d0a 100644
+--- a/throughputmeter.c
+++ b/throughputmeter.c
+@@ -465,6 +465,7 @@ static int throughputmeter(struct state *state, int argc, char **argv)
+ 		goto out;
+ 	}
+ 
+	ret = EXIT_FAILURE;
+ 	switch (result.return_value) {
+ 	case BATADV_TP_REASON_DST_UNREACHABLE:
+ 		fprintf(stderr, "Destination unreachable\n");
--- a/batman-adv/Makefile
+++ b/batman-adv/Makefile
@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=batman-adv

 PKG_VERSION:=2019.2
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_HASH:=70c3f6a6cf88d2b25681a76768a52ed92d9fe992ba8e358368b6a8088757adc8

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
--- a/batman-adv/patches/0016-batman-adv-fix-batadv_nc_random_weight_tq.patch
+++ b/batman-adv/patches/0016-batman-adv-fix-batadv_nc_random_weight_tq.patch
@ -0,0 +1,59 @@
+From: George Spelvin <lkml@sdf.org>
+Date: Sun, 8 Mar 2020 09:44:59 -0400
+Subject: batman-adv: fix batadv_nc_random_weight_tq
+
+and change to pseudorandom numbers, as this is a traffic dithering
+operation that doesn't need crypto-grade.
+
+The previous code operated in 4 steps:
+
+1. Generate a random byte 0 <= rand_tq <= 255
+2. Multiply it by BATADV_TQ_MAX_VALUE - tq
+3. Divide by 255 (= BATADV_TQ_MAX_VALUE)
+4. Return BATADV_TQ_MAX_VALUE - rand_tq
+
+This would apperar to scale (BATADV_TQ_MAX_VALUE - tq) by a random
+value between 0/255 and 255/255.
+
+But!  The intermediate value between steps 3 and 4 is stored in a u8
+variable.  So it's truncated, and most of the time, is less than 255, after
+which the division produces 0.  Specifically, if tq is odd, the product is
+always even, and can never be 255.  If tq is even, there's exactly one
+random byte value that will produce a product byte of 255.
+
+Thus, the return value is 255 (511/512 of the time) or 254 (1/512
+of the time).
+
+If we assume that the truncation is a bug, and the code is meant to scale
+the input, a simpler way of looking at it is that it's returning a random
+value between tq and BATADV_TQ_MAX_VALUE, inclusive.
+
+Well, we have an optimized function for doing just that.
+
+Fixes: c3289f3650d3 ("batman-adv: network coding - code and transmit packets if possible")
+Signed-off-by: George Spelvin <lkml@sdf.org>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/db48c60b0edb995450ee846157364bd09bb23762
+
+diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c
+index c5e7906045f3c62c052400c44a18bca0a38499ba..b7f3d9ef83cfcc136888cd2487dcdd88cb16d6d9 100644
+--- a/net/batman-adv/network-coding.c
+++ b/net/batman-adv/network-coding.c
+@@ -1009,15 +1009,8 @@ static struct batadv_nc_path *batadv_nc_get_path(struct batadv_priv *bat_priv,
+  */
+ static u8 batadv_nc_random_weight_tq(u8 tq)
+ {
+-	u8 rand_val, rand_tq;
+-
+-	get_random_bytes(&rand_val, sizeof(rand_val));
+-
+ 	/* randomize the estimated packet loss (max TQ - estimated TQ) */
+-	rand_tq = rand_val * (BATADV_TQ_MAX_VALUE - tq);
+-
+-	/* normalize the randomized packet loss */
+-	rand_tq /= BATADV_TQ_MAX_VALUE;
+	u8 rand_tq = prandom_u32_max(BATADV_TQ_MAX_VALUE + 1 - tq);
+ 
+ 	/* convert to (randomized) estimated tq again */
+ 	return BATADV_TQ_MAX_VALUE - rand_tq;
--- a/batman-adv/patches/0017-batman-adv-Fix-refcnt-leak-in-batadv_show_throughput.patch
+++ b/batman-adv/patches/0017-batman-adv-Fix-refcnt-leak-in-batadv_show_throughput.patch
@ -0,0 +1,38 @@
+From: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Date: Wed, 15 Apr 2020 16:31:50 +0800
+Subject: batman-adv: Fix refcnt leak in batadv_show_throughput_override
+
+batadv_show_throughput_override() invokes batadv_hardif_get_by_netdev(),
+which gets a batadv_hard_iface object from net_dev with increased refcnt
+and its reference is assigned to a local pointer 'hard_iface'.
+
+When batadv_show_throughput_override() returns, "hard_iface" becomes
+invalid, so the refcount should be decreased to keep refcount balanced.
+
+The issue happens in the normal path of
+batadv_show_throughput_override(), which forgets to decrease the refcnt
+increased by batadv_hardif_get_by_netdev() before the function returns,
+causing a refcnt leak.
+
+Fix this issue by calling batadv_hardif_put() before the
+batadv_show_throughput_override() returns in the normal path.
+
+Fixes: c513176e4b7a ("batman-adv: add throughput override attribute to hard_ifaces")
+Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/f301bfed59b146a63471d0f147b767d7cafede6f
+
+diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c
+index 80fc3253c3368e3cc356176c5ba961542de0a8c9..c20f2bab9db56021f7280ebdfc2afcfd772991bd 100644
+--- a/net/batman-adv/sysfs.c
+++ b/net/batman-adv/sysfs.c
+@@ -1189,6 +1189,7 @@ static ssize_t batadv_show_throughput_override(struct kobject *kobj,
+ 
+ 	tp_override = atomic_read(&hard_iface->bat_v.throughput_override);
+ 
+	batadv_hardif_put(hard_iface);
+ 	return sprintf(buff, "%u.%u MBit\n", tp_override / 10,
+ 		       tp_override % 10);
+ }
--- a/batman-adv/patches/0018-batman-adv-Fix-refcnt-leak-in-batadv_store_throughpu.patch
+++ b/batman-adv/patches/0018-batman-adv-Fix-refcnt-leak-in-batadv_store_throughpu.patch
@ -0,0 +1,39 @@
+From: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Date: Wed, 15 Apr 2020 16:35:21 +0800
+Subject: batman-adv: Fix refcnt leak in batadv_store_throughput_override
+
+batadv_show_throughput_override() invokes batadv_hardif_get_by_netdev(),
+which gets a batadv_hard_iface object from net_dev with increased refcnt
+and its reference is assigned to a local pointer 'hard_iface'.
+
+When batadv_store_throughput_override() returns, "hard_iface" becomes
+invalid, so the refcount should be decreased to keep refcount balanced.
+
+The issue happens in one error path of
+batadv_store_throughput_override(). When batadv_parse_throughput()
+returns NULL, the refcnt increased by batadv_hardif_get_by_netdev() is
+not decreased, causing a refcnt leak.
+
+Fix this issue by jumping to "out" label when batadv_parse_throughput()
+returns NULL.
+
+Fixes: c513176e4b7a ("batman-adv: add throughput override attribute to hard_ifaces")
+Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/b69cd8bdbfd6fa7e61878c2fa9e6637406f40dd9
+
+diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c
+index c20f2bab9db56021f7280ebdfc2afcfd772991bd..34e9948fbd45ef6f2690052a208d6a4e4a4f215b 100644
+--- a/net/batman-adv/sysfs.c
+++ b/net/batman-adv/sysfs.c
+@@ -1149,7 +1149,7 @@ static ssize_t batadv_store_throughput_override(struct kobject *kobj,
+ 	ret = batadv_parse_throughput(net_dev, buff, "throughput_override",
+ 				      &tp_override);
+ 	if (!ret)
+-		return count;
+		goto out;
+ 
+ 	old_tp_override = atomic_read(&hard_iface->bat_v.throughput_override);
+ 	if (old_tp_override == tp_override)
--- a/batman-adv/patches/0019-batman-adv-Fix-refcnt-leak-in-batadv_v_ogm_process.patch
+++ b/batman-adv/patches/0019-batman-adv-Fix-refcnt-leak-in-batadv_v_ogm_process.patch
@ -0,0 +1,39 @@
+From: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Date: Mon, 20 Apr 2020 13:37:20 +0800
+Subject: batman-adv: Fix refcnt leak in batadv_v_ogm_process
+
+batadv_v_ogm_process() invokes batadv_hardif_neigh_get(), which returns
+a reference of the neighbor object to "hardif_neigh" with increased
+refcount.
+
+When batadv_v_ogm_process() returns, "hardif_neigh" becomes invalid, so
+the refcount should be decreased to keep refcount balanced.
+
+The reference counting issue happens in one exception handling paths of
+batadv_v_ogm_process(). When batadv_v_ogm_orig_get() fails to get the
+orig node and returns NULL, the refcnt increased by
+batadv_hardif_neigh_get() is not decreased, causing a refcnt leak.
+
+Fix this issue by jumping to "out" label when batadv_v_ogm_orig_get()
+fails to get the orig node.
+
+Fixes: 667996ebeab4 ("batman-adv: OGMv2 - implement originators logic")
+Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+
+Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/4515f5e6a4ccbe1c563b05f2d487eb9eef3c9740
+
+diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c
+index 74452e9385b1a6e81be64af259dfc371cd3e9655..9c42152829c976a2fb6c4395ab4d17c34fe47682 100644
+--- a/net/batman-adv/bat_v_ogm.c
+++ b/net/batman-adv/bat_v_ogm.c
+@@ -723,7 +723,7 @@ static void batadv_v_ogm_process(const struct sk_buff *skb, int ogm_offset,
+ 
+ 	orig_node = batadv_v_ogm_orig_get(bat_priv, ogm_packet->orig);
+ 	if (!orig_node)
+-		return;
+		goto out;
+ 
+ 	neigh_node = batadv_neigh_node_get_or_create(orig_node, if_incoming,
+ 						     ethhdr->h_source);